Announcement

Collapse
No announcement yet.

Sbs2008 + ca + exc??

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sbs2008 + ca + exc??

    Hey guys,

    I have a client that has a domain, however they are starting to get issues with certificates such as autodiscover etc.

    With the need to spend no money, is it possible to turn the machine into a CA - provide a certificate to the clients to allow all certificates from this server, and then to create a SAN / wildcard certificate for the likes of autodiscover.domain.com etc ??

    Thanks for the help !

    Dean J

  • #2
    Re: Sbs2008 + ca + exc??

    Yes it's possible but wouldn't it be less expensive for the client if you just purchase a cert instead of setting up the infrastructure yourself?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Sbs2008 + ca + exc??

      hmm I'm not sure if i follow - is it not possible to install CA services that come with 2008, and genereate certificates etc using that. IT would just mean that it doesn't come from a trusted root auth. to get around this part - add a root ca from the newly created CA ??

      If its all messed up ill go with certs

      Comment


      • #4
        Re: Sbs2008 + ca + exc??

        Yes, it is possible. But for the client to pay for your time to set that up and maintain it vs the cost of just buying a cert I know for me it would be less expensive for my clients to just buy the cert.

        If you already have an Enterprise CA setup and only domain users and computers will be accessing the Exchange server then it would make sense to have your CA sign the SAN cert. Otherwise save yourself the time and the client's money and buy a cert.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Sbs2008 + ca + exc??

          Exchange 2007 and above are really set up to use public certificates. If you use an internal CA you need a public cert to verify your CA, which costs serious $$$.

          Use www.godaddy.com where you can get a SAN certificate for $80 per year, less all the normal discounts they do.
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment

          Working...
          X